Promote this Nomination

Additional Info

Company size (employees)100 to 499
Headquarters RegionNorth America
Type of solutionCloud/SaaS


The iboss platform is the leading SASE platform that is architecturally based on containerization. Containerization allows iboss to deliver secure connectivity for users anywhere while maintaining a completely isolated and controlled network data path. In addition, a fully containerized architecture allows for natural hybrid deployments where proxy and firewall security features can be delivered within the government network, while leveraging the cloud based service, if needed, for remote users.

Understanding containerization is the key for government networks in need of a highly secure service. With a containerized service like iboss, the network connections from devices and users are processed within isolated containerized gateways which perform proxy and firewall functions. The containerized gateways never process data for any other organization and data is never mixed with that of any other customer.

With alternative SASE platforms that lack containerization, network traffic from multiple organizations are processed within the same gateways that proxy, decrypt and firewall data for other organizations. Mixing data within the gateways that perform functions like decryption not only results in latency but increases security risks.

With a containerized cloud architecture like iboss, full isolation of data is achieved as it moves between users and the cloud, including full isolation of the private keys required to decrypt that traffic. The containerized cloud gateways isolate the private SSL decryption keys to ensure security and reduce risk.
The iboss platform provides a consistent network security stack that is applied to users, regardless of their location, including trusted government operated networks and untrusted remote networks. And because the iboss platform is built on containerization, the source IP Address that is visible to the destination is always dedicated to the government agency.

How we are different

* A containerized architecture allows the containerized cloud gateways to extend into physical form so they can be run within the government network itself. This includes running the gateways within a government office, base or data center. The containerized gateways run on physical infrastructure that is within the government network and have the ability to proxy and firewall traffic directly within the government facility without ever sending that traffic through the cloud gateways running within the service.

* Dedicated IP addresses has major advantages for government agencies which are running comply to connect initiatives. The source IP Address is only used by users of that specific government agency as the containerized gateways proxy and NAT traffic without mixing data and with the ability to preserve the source IP regardless of user location. This is unlike a non-containerized model where the source IP Addresses are shared between any customer leveraging the cloud security service. Although a security policy might be in place, it cannot be guaranteed that it is the network security policy specifically assigned by the government agency.

* The dedicated and sticky IP Addresses provided by the iboss cloud SASE service allows the government agency to apply login restrictions to cloud applications making originally publicly accessible applications private. For example, a public cloud application like Microsoft Office 365 can be locked down to only the source IP Addresses that belong to the government agency. Only users connected through the iboss service, and specifically connected through the agency’s account, will be allowed to connect to the cloud application.